Prevent back button after logout
Problem description
I don't want the user to go back to secured pages by clicking back button after logging out. In my logout code, I am unsetting the sessions and redirecting to login page. But, I think the browser is caching the page so it becomes visible despite the session being destroyed from logout.
I am able to avoid this by not allowing the browser to cache
header("Cache-Control: no-cache, no-store, must-revalidate");
But this way I am losing the advantage of browser caching.
Please suggest a better way of achieving this. I feel, there must be a way of handling this by javascript client side
Recommended answer
Implement this in PHP and not javascript.
At the top of each page, check to see if the user is logged in. If not, they should be redirected to a login page:
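<?php
session_start(); // $_SESSION is only populated after the session is started
// Send visitors without a logged-in session to the login page
if (!isset($_SESSION['logged_in'])) {
    header("Location: login.php");
    exit; // stop here so the rest of the protected page is never sent
}
?>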
As you mentioned, on logout, simply unset the logged_in session variable, and destroy the session:
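<?php
session_start(); // the session must be active before it can be destroyed
// Drop the login flag, then discard the server-side session data
unset($_SESSION['logged_in']);
session_destroy();
?>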
If the user clicks back now, no logged_in session variable will be available, and the page will not load.
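An added example, not part of the original question or answer: it combines the answer's session check with the question's Cache-Control header, sent only from protected PHP pages so that statically served images, CSS and JS keep their normal caching. The file name auth.php and the function names require_login and logout are assumptions made for this example.

```php
<?php
// auth.php - added example; file and function names are assumptions.
declare(strict_types=1);

// Call at the top of every protected page, before any output is sent.
function require_login(string $loginUrl = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Mark only this authenticated response as non-storable, so the
    // back button has to ask the server again instead of showing a copy.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');
    header('Expires: 0');

    // empty() also rejects a flag that is set but false.
    if (empty($_SESSION['logged_in'])) {
        header('Location: ' . $loginUrl);
        exit; // never emit the protected markup
    }
}

// Call from the logout script.
function logout(string $loginUrl = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = []; // clear all session variables, not just logged_in

    // Expire the session cookie in the browser as well.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();

    header('Location: ' . $loginUrl);
    exit;
}
```

A protected page would start with `require 'auth.php'; require_login();` and the logout script would call `logout();`.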